Find Bug in your website

maulik shah shahmaulik120 at gmail.com
Sun Sep 29 13:53:43 EDT 2013


one another bug

Internal server error

Url :-
 http://pidgin.im/~seanegan/


HTTP request
GET /~seanegan/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322; Netsparker)
X-Scanner: Netsparker
Accept-Language: en-us,en;q=0.5
Host: pidgin.im
Accept-Encoding: gzip, deflate

Response :-
HTTP/1.1 500 Internal Server Error
Date: Sun, 29 Sep 2013 17:11:46 GMT
X-Powered-By: PHP/5.4.4-14+deb7u4
Content-type: text/html
Server: lighttpd
Content-Length: 0



On Sun, Sep 29, 2013 at 11:17 PM, Mark Doliner <mark at kingant.net> wrote:

> Hi Maulik. Thanks for reporting this to us. You're right, we should be
> forcing https here but we're not. We'll try to fix this soon. In the
> mean time, this problem isn't too terrible because there isn't a huge
> amount of harm that can be done with a user's mailing list password.
> Probably the worst aspect of this is that many users will use the same
> password here as for other things, like their bank or email account.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130929/d6c228ae/attachment.html>


More information about the security mailing list